Overview
Comment: | Fix a buffer overread in fts3 that could occur when decoding a corrupted record. |
---|---|
SHA3-256: |
9a4a40c45feb2bb89020dc7711b47534 |
User & Date: | dan 2020-06-12 15:17:27 |
Context
2020-06-17
| ||
12:37 | Merge miscellaneous fixes from trunk into the 3.32 branch. (check-in: d55b8e79 user: drh tags: branch-3.32) | |
2020-06-12
| ||
15:45 | New test case added to test/fuzzdata8.db. (check-in: 14a5cbdd user: drh tags: trunk) | |
15:17 | Fix a buffer overread in fts3 that could occur when decoding a corrupted record. (check-in: 9a4a40c4 user: dan tags: trunk) | |
00:31 | Remove a NEVER() that turns out to be reachable. (check-in: 44e573ec user: drh tags: trunk) | |
Changes
Changes to ext/fts3/fts3.c.
︙ | ︙ | |||
2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 | ** POS_END (0) or POS_COLUMN (1). The following block merges the two lists ** and writes the results to buffer p. p is left pointing to the byte ** after the list written. No terminator (POS_END or POS_COLUMN) is ** written to the output. */ fts3GetDeltaVarint(&p1, &i1); fts3GetDeltaVarint(&p2, &i2); do { fts3PutDeltaVarint(&p, &iPrev, (i1<i2) ? i1 : i2); iPrev -= 2; if( i1==i2 ){ fts3ReadNextPos(&p1, &i1); fts3ReadNextPos(&p2, &i2); }else if( i1<i2 ){ | > > > | 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 | ** POS_END (0) or POS_COLUMN (1). The following block merges the two lists ** and writes the results to buffer p. p is left pointing to the byte ** after the list written. No terminator (POS_END or POS_COLUMN) is ** written to the output. */ fts3GetDeltaVarint(&p1, &i1); fts3GetDeltaVarint(&p2, &i2); if( i1<2 || i2<2 ){ break; } do { fts3PutDeltaVarint(&p, &iPrev, (i1<i2) ? i1 : i2); iPrev -= 2; if( i1==i2 ){ fts3ReadNextPos(&p1, &i1); fts3ReadNextPos(&p2, &i2); }else if( i1<i2 ){ |
︙ | ︙ | |||
5166 5167 5168 5169 5170 5171 5172 | ** the phrase object passed as the fifth argument according to a NEAR ** condition. For example: ** ** abc NEAR/5 "def ghi" ** ** Parameter nNear is passed the NEAR distance of the expression (5 in ** the example above). When this function is called, *paPoslist points to | | | 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 | ** the phrase object passed as the fifth argument according to a NEAR ** condition. For example: ** ** abc NEAR/5 "def ghi" ** ** Parameter nNear is passed the NEAR distance of the expression (5 in ** the example above). When this function is called, *paPoslist points to ** the position list, and *pnToken is the number of phrase tokens in the ** phrase on the other side of the NEAR operator to pPhrase. For example, ** if pPhrase refers to the "def ghi" phrase, then *paPoslist points to ** the position list associated with phrase "abc". ** ** All positions in the pPhrase position list that are not sufficiently ** close to a position in the *paPoslist position list are removed. If this ** leaves 0 positions, zero is returned. Otherwise, non-zero. |
︙ | ︙ |
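Review bot: The new guard `if( i1<2 || i2<2 ){ break; }` in the first hunk leaves the enclosing loop without recording any visible error. That loop and the function's return path lie outside the hunk, so it cannot be confirmed here that a corrupt record is reported rather than merged as a silently truncated position list. If a corruption code can be returned at this point (fts3 uses `FTS_CORRUPT_VTAB` for that elsewhere), returning it would make the failure explicit; if truncation is intended, the code should say so. Either way the guard deserves a comment, for example `/* 0 and 1 are the POS_END/POS_COLUMN terminators, so a first value below 2 presumably means an empty (corrupt) column list */`. The second hunk only rewords a comment and needs nothing.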
Changes to test/fts3corrupt2.test.
︙ | ︙ | |||
12 13 14 15 16 17 18 19 20 21 22 23 24 25 | set testdir [file dirname $argv0] source $testdir/tester.tcl # If SQLITE_ENABLE_FTS3 is not defined, omit this file. ifcapable !fts3 { finish_test ; return } set ::testprefix fts3corrupt2 set data [list] lappend data {*}{ "amxtvoo adqwroyhz auq aithtir avniqnuynvf axp ahibayfynig agbicpm" "ajdtebs anteaxr aieynenwmd awpl alo akxcrwow aoxftge aoqvgul" "amcfvdr auz apu aebelm ahuxyz aqc asyafdb agulvhvqu" "apepwfyz azkhdvkw aenyelxzbk aslnitbyet aycdsdcpgr aqzzdbc agfi axnypydou" | > | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | set testdir [file dirname $argv0] source $testdir/tester.tcl # If SQLITE_ENABLE_FTS3 is not defined, omit this file. ifcapable !fts3 { finish_test ; return } set ::testprefix fts3corrupt2 sqlite3_fts3_may_be_corrupt 1 set data [list] lappend data {*}{ "amxtvoo adqwroyhz auq aithtir avniqnuynvf axp ahibayfynig agbicpm" "ajdtebs anteaxr aieynenwmd awpl alo akxcrwow aoxftge aoqvgul" "amcfvdr auz apu aebelm ahuxyz aqc asyafdb agulvhvqu" "apepwfyz azkhdvkw aenyelxzbk aslnitbyet aycdsdcpgr aqzzdbc agfi axnypydou" |
︙ | ︙ | |||
98 99 100 101 102 103 104 | catchsql { SELECT * FROM t2 WHERE t2 MATCH 'a*' } set {} {} } {} } execsql { UPDATE t2_segdir SET root = $blob WHERE rowid = $rowid } } } | < | 99 100 101 102 103 104 105 106 107 108 109 110 111 | catchsql { SELECT * FROM t2 WHERE t2 MATCH 'a*' } set {} {} } {} } execsql { UPDATE t2_segdir SET root = $blob WHERE rowid = $rowid } } } finish_test |
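Review bot: `sqlite3_fts3_may_be_corrupt 1` is switched on at the top of the file, but the second hunk shows the script running straight to `finish_test` with no reset. The setting therefore presumably stays in force for any test file that runs later in the same process. The tests added to fts3corrupt4.test in this check-in save and restore `sqlite_fts3_enable_parentheses`; doing the equivalent here, e.g. `sqlite3_fts3_may_be_corrupt 0` just before `finish_test`, would stop the flag from masking failures in unrelated fts3 tests, if it relaxes internal consistency checks as its name suggests. A one-line comment on the new line saying what the flag changes would also help.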
Changes to test/fts3corrupt4.test.
︙ | ︙ | |||
5846 5847 5848 5849 5850 5851 5852 | do_catchsql_test 37.1 { INSERT INTO f VALUES (0,x'00'); } {1 {database disk image is malformed}} #------------------------------------------------------------------------- # reset_db | < < | 5846 5847 5848 5849 5850 5851 5852 5853 5854 5855 5856 5857 5858 5859 | do_catchsql_test 37.1 { INSERT INTO f VALUES (0,x'00'); } {1 {database disk image is malformed}} #------------------------------------------------------------------------- # reset_db do_test 38.0 { sqlite3 db {} db deserialize [decode_hexdb { .open --hexdb | size 24576 pagesize 4096 filename crash-1cc4f8a70485ce.db | page 1 offset 0 | 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3. |
︙ | ︙ | |||
6057 6058 6059 6060 6061 6062 6063 | | end crash-1cc4f8a70485ce.db }]} {} do_execsql_test 38.1 { UPDATE t1 SET b=a; } | | > > > > > > > > > > > > > | > > > > > > > > > > > > > > > > > > | 6055 6056 6057 6058 6059 6060 6061 6062 6063 6064 6065 6066 6067 6068 6069 6070 6071 6072 6073 6074 6075 6076 6077 6078 6079 6080 6081 6082 6083 6084 6085 6086 6087 6088 6089 6090 6091 6092 6093 6094 6095 6096 6097 6098 | | end crash-1cc4f8a70485ce.db }]} {} do_execsql_test 38.1 { UPDATE t1 SET b=a; } do_catchsql_test 38.2 { SELECT b FROM t1 WHERE a MATCH 'e*e*e*e*e*e*e*e*e*e*e*e*e*e*e*e*' } {1 {database disk image is malformed}} #------------------------------------------------------------------------- reset_db set saved $sqlite_fts3_enable_parentheses set sqlite_fts3_enable_parentheses 1 do_execsql_test 39.0 { CREATE VIRTUAL TABLE t0 USING fts3( col0 INTEGER PRIMARY KEY, col1 VARCHAR(8), col2 BINARY, col3 BINARY ); INSERT INTO t0_content VALUES(1,1,'1234','aaaa','bbbb'); INSERT INTO t0_segdir VALUES(0,0,0,0,'0 42',X'000131030782000103323334050101010200000461616161050101020200000462626262050101030200'); } do_test 39.1 { catch { db eval { SELECT rowid FROM t0 WHERE t0 MATCH '1 NEAR 1' } } } 0 do_test 39.2 { catch { db eval { SELECT matchinfo(t0,'yxy') FROM t0 WHERE t0 MATCH x'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'; } } } 0 set sqlite_fts3_enable_parentheses $saved finish_test |
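Review bot: Tests 39.1 and 39.2 assert only that `catch` returns 0, so they pass for any result set. Outside a sanitizer or valgrind run they would presumably also pass with the overread still present. A short comment above 39.0 would make the intent clear, e.g. `# Hand-built segdir root: both MATCH queries must finish without error and without reading past the end of the record.` Where the output is stable, comparing the returned rows would pin more than the error flag. Test 38.2, by contrast, checks for `database disk image is malformed` explicitly.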